Best Blackhat Forum

Best Blackhat Forum > Freebies > Software, Scripts, Plug-ins, Tools and Bots > Who Said ClickJacking Is Dead ! NEW Method > ClickJack Facebook, Twitter and Google Plus > Working 2015 !
Full Version: Who Said ClickJacking Is Dead ! NEW Method > ClickJack Facebook, Twitter and Google Plus > Working 2015 !
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6

High on Life

01-21-2015, 01:22 PM
Anybody know what's going on with my downloads?

This started just now out of nowhere (i disabled plugins and nothing)
...using latest Firefox on W8

Magic Button :
[Image: EoTR7O1.png]

midascodebreaker

01-21-2015, 01:36 PM
Im editing the index.html but i cannot see a link for fb fanpages , only APP ID ...
also i cannot see twitter user link that i can change...

the only thing i can change is google+ fb app id , no more no less....

is the script lacking any codes?

burn66burn

01-21-2015, 01:52 PM
can practice this script on blogger?

nichelist

01-21-2015, 02:14 PM
(01-21-2015 01:36 PM)iyuri305 Wrote: [ -> ]Im editing the index.html but i cannot see a link for fb fanpages , only APP ID ...
also i cannot see twitter user link that i can change...

the only thing i can change is google+ fb app id , no more no less....

is the script lacking any codes?

You will find to change [YOURNAME] at clickjacker.js

social-clickjack
================

Social Clickjack script - Social Engineering POC


HOW THE CODE WORKS
- User visits the page -> jQuery script is executed
- The script detects which social media sites the user is logged into (Facebook, Twitter, or Google+)
- If the script detects a login from any of those sites, it will iterate down the list and pick the first of the logged in sites (for this example, let’s use Facebook)
- Using HTML, CSS, and Javascript/jQuery, a hidden button will be loaded and tied to the user’s mouse click event
- When the mouse is clicked, the button will trigger and execute a particular function tied to Facebook, Twitter, or Google. In this case, the button is a ‘Like’, and the user has unknowingly liked a page on Facebook.
- The script then unloads, and drops a cookie indicating the the Facebook script has been run
- If the script has been placed in a website’s header, it will reload the next time the user visits a different page on the site. This time the script will detect the clickjack’s ‘Facebook complete’ cookie and automatically iterate to the next logged in service.


USING THE CODE

- Each of the social network functions have specific opacity settings. These are currently set to VISIBLE (1). If you would like to go into stealth mode and hide the buttons, change all the ‘opacity’ settings to 0 (I will eventually make this a global option).
- You must specific your account in the parameters of each of the social networks. Replace all instances of “[YOURNAME]” with your account name.
- Execution of the Facebook code requires a Facebook APP ID. The app ID you are using must have the same domain name as the script. This code is located in index.html
The login status messages can be safely removed form the HTML file without effecting the rest of the code.

Batmans

01-21-2015, 04:31 PM
THANK YOU for sharing this. Definitely has potential i.e. Your LIKE showed up right on my page when I did the test.

Just for reference. Like Jacking is definitely against Facebooks T.O.U. - If one of their spys catches you using it then your webpage can be banned. At least that what they are saying in reference to another product that I purchased that does a similar type of thing called "LIKE JACKING". This is why with their product they have things that allow you to have the LIKE Jacker not appear when certain IP's come to your page such as known Facebook spys IP's etc. My point is if using this be creative with when you use it to avoid hassles.

BATMAN

agiey7

01-21-2015, 07:27 PM
Is the script mobile friendly?

sfenix

01-21-2015, 09:22 PM
interesting, thanks for sharing
rep added high

centrum

01-21-2015, 10:45 PM
(01-21-2015 04:31 PM)Batmans Wrote: [ -> ]THANK YOU for sharing this. Definitely has potential i.e. Your LIKE showed up right on my page when I did the test.

Just for reference. Like Jacking is definitely against Facebooks T.O.U. - If one of their spys catches you using it then your webpage can be banned. At least that what they are saying in reference to another product that I purchased that does a similar type of thing called "LIKE JACKING". This is why with their product they have things that allow you to have the LIKE Jacker not appear when certain IP's come to your page such as known Facebook spys IP's etc. My point is if using this be creative with when you use it to avoid hassles.

BATMAN
can you share where did you bought your own like jacking and do they have databases about the FB spy IP's?

coolmirza143

01-22-2015, 05:59 PM
will you please guide me how i canq use it on my blogger blog?
i have a custom domain http://www.thevalentinesdayideasforhim.com

how i can use it in blogspot?

Thanks

granmaster

01-22-2015, 07:25 PM
can you use this on wordpress page?
Pages: 1 2 3 4 5 6
Best Blackhat Forum > Freebies > Software, Scripts, Plug-ins, Tools and Bots > Who Said ClickJacking Is Dead ! NEW Method > ClickJack Facebook, Twitter and Google Plus > Working 2015 !
Reference URL's